Avoid The Hack!

@avoidthehack

An initiative promoting the intersection of internet #privacy and #cybersecurity for all users.

MOVED to infosec.exchange -> @avoidthehack

avoidthehack: https://avoidthehack.com
Twitter: https://twitter.com/avoidthehack
Ko-Fi: https://ko-fi.com/avoidthehack

How to share files and sensitive information securely

@bitwarden shows you how to use Bitwarden Send to share files and sensitive information in a more secure way.

In most cases, you should avoid sending sensitive information via email (even if not a file).

#opsec #cybersecurity #security

https://bitwarden.com/blog/how-to-share-files-and-sensitive-information-securely/

How to share files and sensitive information securely | Bitwarden Blog

Bitwarden makes it easy to securely share files and sensitive information with anyone using Bitwarden Send.

Bitwarden

Avoidthehack updates #private #browser Comparison Tool

- Added Mullvad @mullvadnet browser
- Added Comodo IceDragon
- Fixed image display issues on some #browsers
- Corrected existing information

#privacy #privacymatters #opensource

https://avoidthehack.com/util/browser-comparison

Browser Comparison Tool | Avoid the Hack (avoidthehack!)

This is an interactive table designed to easily compare features of various "privacy-focused" browsers.

Avoid the Hack (avoidthehack!)

CISA Adds Five Known #Vulnerabilities to Catalog

CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation
CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass
CVE-2023-35311 Microsoft Outlook Security Feature Bypass
CVE-2023-36874 Microsoft Windows Error Reporting Service Privilege Escalation
CVE-2022-31199 Netwrix Auditor Insecure Object Deserialization

#cybersecurity #infosec #security

https://www.cisa.gov/news-events/alerts/2023/07/11/cisa-adds-five-known-vulnerabilities-catalog

Microsoft today issued security updates to fix a whopping 130 flaws in Windows etc, including 4 zero-day vulnerabilities. MSFT issued an advisory for but did not patch a fifth zero-day that is being exploited by ransomware crooks reportedly working in support of Russian intelligence operations. Meanwhile, Apple issued and then pulled a patch for a zero-day flaw in iOS and macOS. The Apple flaw is fixed in iOS/iPadOS 16.5.1, macOS 13.4.1, and Safari 16.5.2.

#patchemifyougotem

https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/

Apple & Microsoft Patch Tuesday, July 2023 Edition – Krebs on Security

Whoa. Sophos researchers just announced that they’ve uncovered 133 malicious drivers signed with legitimate digital certificates, and found 100 of those 133 drivers were signed by Microsoft.

https://news.sophos.com/en-us/2023/07/11/microsoft-revokes-malicious-drivers-in-patch-tuesday-culling/

From the post:

"Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than 100 malicious drivers that had been digitally signed by Microsoft and others, dating as far back as April 2021."

"They also released Knowledge Base article 5029033, which includes new, more detailed information on the technical measures Microsoft has taken to protect against these malicious signed drivers."

https://msrc.microsoft.com/update-guide/vulnerability/ADV230001

https://support.microsoft.com/help/5029033

Today's post about patches from Microsoft and Apple to quash zero-day bugs:

https://krebsonsecurity.com/2023/07/apple-microsoft-patch-tuesday-july-2023-edition/

I wrote recently about one of the bigger names in signing malware as a service:

https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-…

Sophos News

#Apple releases emergency #update to fix zero-day exploited in attacks

CVE-2023-37450 - code execution in the WebKit browser engine (which powers Safari).

#cybersecurity #infosec #security

https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/

Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

BleepingComputer

#Google Changed Its #Privacy Policy: Does the Tech Giant Now Use All Your Data to Train Its AI?

From @Tutanota

Color me surprised. 🤫

#ai #privacymatters

https://tutanota.com/blog/google-trains-ai-with-your-data

Google Changed Its Privacy Policy: Does the Tech Giant Now Use All Your Data to Train Its AI?

Google has found a new way to make millions with your data: Training its own AI with the data you give Big Tech for free.

Tutanota

How to block emails on #Gmail, Outlook, Proton Mail, Yahoo Mail, and #Apple Mail

From @protonmail

#privacy #email #privacymatters

https://proton.me/blog/how-to-block-emails

How to block emails on Gmail, Outlook, Proton Mail, Yahoo Mail, and Apple Mail | Proton

Learn how to stop unwanted emails on Gmail, Outlook, Proton Mail, Yahoo Mail, Apple Mail, and Thunderbird and use aliases to hide your email.

Proton

New ‘Big Head’ ransomware displays fake Windows update alert

Suspected to be spreading primarily through *gasp* Malvertising.

During the encryption stage, this #ransomware displays a loading screen similar to a #windows update.

#cybersecurity #infosec #security

https://www.bleepingcomputer.com/news/security/new-big-head-ransomware-displays-fake-windows-update-alert/

Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.

BleepingComputer

How Threads’ #privacy policy compares to Twitter’s (and its rivals’)

#threads has abysmal privacy... just reading the list in this article is exhausting.

I fail to see how it is an "acceptable middleground" for users being introduced into the #fediverse (with the talk of ActivityPub integration.)

#privacymatters #mastodon

https://arstechnica.com/security/2023/07/how-threads-privacy-policy-compares-to-twitters-and-its-rivals/

How Threads’ privacy policy compares to Twitter’s (and its rivals’)

Here’s what is collected by Threads, as well as by Twitter, Bluesky, Mastodon, Spill, and Hive Social.

Ars Technica